Belmont University is strongly committed to maintaining the privacy and security of confidential personal information and other highly sensitive data that it collects. Our privacy and public records obligations are governed by applicable Tennessee, federal, and international laws.
This policy is applicable to all members of the Belmont University community and visitors to the university, whether virtually or on-campus, including but not limited to students, staff, faculty, alumni, applicants, third-party vendors, and others with access to Belmont University’s campus and to all university prohibited, restricted, and confidential information.
Belmont University strives to limit the collection, use, disclosure, or storage of information to that which reasonably serves the university's academic, research, administrative functions, or other legally permissible purposes. Such collection, use, disclosure, and storage should comply with Belmont University’s policies and applicable state, federal, and international laws and regulations.
Policies That Apply to Special Categories of Information
Belmont University has adopted policies governing certain categories of information. For more information about Belmont University’s compliance with any of the laws and policies referenced below, please contact the University Privacy Officer at email@example.com or the Office of University Counsel.
(1) Prohibited Information, including Social Security Number (SSN) and Driver’s License Number (DLN)
Belmont University strives to avoid using an individual's SSN or DLN as a personal identifier unless required by law or approved by the University Privacy Officer. Prohibited information, including SSNs and DLNs, may be stored electronically only in compliance with the Data Classification Policy. If prohibited information must be stored on paper, the files must be stored securely with access provided only to authorized persons.
(2) Student Records
Students have rights with respect to access to their education records under the Family Educational Rights and Privacy Act of 1974 (FERPA). These rights are outlined at www.belmont.edu/notices and in the Belmont University Bruin Guide.
(3) Health Information
Individuals have rights with respect to the privacy and security of their health information under federal and state laws and regulations, including (for faculty/staff) the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and (for students) the Family Educational Rights and Privacy Act of 1974 (FERPA). These rights are outlined in faculty, staff, and student guides and in Belmont University’s health information privacy policies.
(4) Human Subjects Research Information
In addition to the rights afforded by HIPAA and other laws related to health information, the Federal Policy for the Protection of Human Subjects (“Common Rule”) outlines provisions specific to the privacy of research participants and the confidentiality of their information. The Belmont Institutional Research Board (IRB) maintains the Human Research Protection Program (HRPP) that includes Belmont University’s policies related specifically to human subjects' research information. More information is available at www.belmont.edu/irb.
(5) Financial Services Records
The Gramm-Leach-Bliley Act (GLBA) requires that Belmont University protect the privacy and security of information collected in the course of providing certain financial services, such as student financial aid. Belmont University has adopted policies to protect this information.
(6) Information Collected in the Course of Electronic Commerce
(7) Legal and University Process
Belmont University may disclose information in the course of investigations and lawsuits in response to subpoenas, for the proper functioning of the university, to protect the safety and well-being of individuals or the community, and as otherwise permitted and/or required by law.
Departments within Belmont University are responsible for ensuring that all members of their workforce (including faculty, staff, students, consultants, and volunteers) receive appropriate training on Belmont University’s privacy and security policies to the extent necessary and appropriate for them to carry out their required job functions. Departments will maintain adequate records of workforce training, which will be provided upon request to the Office of University Counsel, the University Privacy Officer, the Information Security Officer, Human Resources, internal auditors, or other Belmont University officials with a reasonable Belmont University-related need for the information.
Release or Access
All requests related to personal confidential information maintained in the records of Belmont University must be directed to the appropriate custodian of the particular Belmont University record(s). Such requests include:
- Release of personal confidential information to a third party
- Access of personal confidential information by the data subject
- Withdrawal of consent by a data subject who previously consented to processing of his or her personal data
Disposition of such requests will be made by the appropriate custodian of the particular Belmont University record(s) in consultation with the Office of University Counsel when necessary. Examples of records custodians at Belmont University include: Student Financial Services (financial aid-related); Student Formation (residence life/conduct-related); Registrar (academic-related). Please contact the University Privacy Officer if unsure about the proper custodian for records sought.
EXPECTATION OF PRIVACY
Belmont University respects and values the privacy of its faculty, students, and staff and will not monitor its community members without cause except as required by law or as permitted by the policies and agreements referenced below:
(1) Computer and Network Usage.
Belmont University reserves the right to monitor network and computer usage for the purpose of compliance with university rules and regulations.
(2) University Student Housing.
See Belmont University residence agreement terms and the Bruin Guide for limited circumstances in which student residences may be accessed.
(3) Photography and Recording on Campus
Photographs, video recordings, and other recordings may be made only in accordance with university policies on campus photography in order to protect the privacy of the Belmont University community.
(4) Visitors on Campus
Belmont University is private property; however, some areas of the campus typically are open to visitors. Even in these locations, visitors must not interfere with the privacy of students, faculty, lecturers/instructors, and staff, or with the educational, research, and residential activities. Belmont University may revoke permission for the public to be present in these or any other areas at any time. Visitors should not access academic or residential areas unless they have been invited for appropriate business or social purposes by the responsible student, faculty member, lecturer/instructor, or staff member.
University Privacy Officer
Belmont University shall have a Privacy Officer who is responsible for:
In order to discharge these responsibilities, the University Privacy Officer will collaborate with Belmont University’s Office of University Counsel and other university administration as appropriate.
Establishing Privacy Policies and Procedures
Belmont University has designated officials with primary responsibility for establishing policies and procedures governing university compliance with certain specific privacy laws and regulations:
FERPA. Belmont University’s Registrar has primary responsibility for establishing policies and procedures related to compliance with the Family Educational Rights and Privacy Act.
HIPAA. The HIPAA Privacy Officer has primary responsibility for establishing policies and procedures related to compliance with the Health Insurance Portability and Accountability Act of 1996 for any covered entity affiliated with Belmont University.
GLBA. The University Privacy Officer has primary responsibility for establishing policies and procedures related to compliance with the Gramm-Leach-Bliley Act.
GDPR. The University Privacy Officer has primary responsibility for compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 which regulates data protection and privacy for all individuals located within the EU and EU citizens and addresses the export of personal data outside the EU.
Supporting Individuals’ Data Privacy Rights (GDPR)
The University Privacy Officer, in conjunction with the appropriate departments, will ensure compliance by working with individuals affected by these personal privacy requirements:
- The right to be informed of how their personal data is being used.
- The right of access to their personal data.
- The right to have their inaccurate personal data rectified.
- The right to have their personal data erased (right to erasure) under certain circumstances.
- The right to restrict the processing of their personal data pending its verification or correction.
- The right to receive copies of their personal data in a machine-readable and commonly-used format (right to data portability).
- The right to object to processing of their data that proceeds under particular legal bases; to direct marketing; and to processing of their data for research purposes where that research is not in the public interest.
- The right not to be subject to a decision based solely on automated decision-making using their personal data.
Information Custodians and System Owners
Each campus staff or faculty member who retains custody of restricted or confidential information and each system owner is responsible for the application of this policy and all related university policies to the systems and information under their care or control. For more information about Data Security and Custodians, contact the Office of Assessment and Institutional Research (OAIR).
Division of Marketing and Communications
1900 Belmont Blvd
Nashville, TN 37212
Belmont University collects various types of information through our websites, through other commercial websites where you can express interest in our services, through our mobile applications, via email, over Live Chat, by phone, and in person where print materials and digital technology may be used to collect information from you. Some information is collected automatically through various web and Internet technologies, including social networking tools used by Belmont University, to foster communication and collaboration among members of our community.
Other information is collected when you provide it in response to an advertisement; in a survey or a request for information; to apply for admission or financial aid; to register for classes; to order educational or other products and services; to set up a social network or other site profile; or to use one of our career resources, learning assessments, or other interactive tools.
We may also obtain information from other sources and combine that with information we collect about you.
We will not sell, rent, or lease your personal information to others except as provided in this policy. We may collect, use, and disclose your personal information for the following purposes:
- To determine your admissibility and to register you for your selected educational programs
- To contact you regarding your status with Belmont University
- To provide requested products and services
- To respond to your inquiries and provide customer support
- For our internal marketing purposes, including but not limited to personalizing your experience on our website and sending you material about products, services, updates, etc. that we think may be of interest to you
- For fostering communication and collaboration among members of your Belmont University community through social networks
- For sharing with our education partners who may contact you with respect to educational or other Belmont partnership services
- For sharing with our education partners or business associates who are performing services on our behalf
- To analyze how sites and services are being accessed and used
- For investigation of information security and information asset protection-related incidents
- To test, correct, and improve our content, applications, and services
- To develop new applications, products, and services
- To improve student retention, site and service performance, user experience, and service delivery
- To prevent potentially illegal activities (including illegal downloading of copyrighted materials in accordance with our Policy on Copyright Compliance)
- To investigate suspicious information that denotes illegal activity such as financial aid fraud
- To analyze academic and learning outcomes and preferences
- For external academic research and scholarship done by business associates or unrelated entities
- To obtain payment for services that we provide to you
- To provide you with information concerning arrangements and other options for the repayment of funds loaned to you for your education
- To maintain educational and business records for reasonable periods
- In connection with the contemplated or actual reorganization, merger, acquisition, financing, securitization, insuring, sale, or other disposal of all or part of our business or assets
- As may be required or permitted by applicable legal, regulatory, industry self-regulatory, insurance, audit, or security requirements
Failure to follow proper policies and procedures concerning access, storage, and transmission of information may result in sanctions and disciplinary action up to and including termination of employment, student suspension or expulsion, referral to the Office of Student Formation or Office of University Counsel, or other applicable administrative process.
Members of the Belmont University community who believe that these policies have been violated should report such violations to the University Privacy Officer or Office of University Counsel. Complaints or concerns may also be reported anonymously by contacting the University Privacy Officer at firstname.lastname@example.org.
RELATED STANDARDS, POLICIES, AND PROCEDURES
The University Privacy Officer will work in concert with the Dean of Students Office, the Office of University Counsel, and Human Resources to ensure fair and appropriate investigation, consideration, and consequences where appropriate. Users are expected to familiarize themselves with applicable Belmont University standards and comply with them.
- Acceptable Use Policy
- Password Policy
- BYOD Policy
- Email Policy
- Wireless Communication Policy
- Technology Purchasing Policy
- Remote Access Policy
- Data Classification Policy
- Social Media Policy
- Current Belmont Bruin Guide
- Current Faculty Staff Handbook
- FERPA Policy
- HIPAA Policy
- Misconduct Policy
- The Family Educational Rights and Privacy Act of 1974 (FERPA) (also known as the Buckley Amendment) 20 U.S.C. § 1232g; 34 C.F.R. § 99.1 et seq.
- The Gramm-Leach-Bliley Act (GLBA) 15 U.S.C. § 6801 et seq.; 16 CFR § 313.1 et seq. (privacy); 16 CFR § 314.1 et seq. (safeguarding)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. Law 104-191) and HIPAA regulations, including but not limited to the HIPAA Privacy Rule and HIPAA Security Rule, 42 CFR Parts 160, 162, 164
- Title 45, Part 46 of the Code of Federal Regulations (45 CFR 46)
- Title IX of the Education Amendments of 1972
- Federal Copyright Act and Teach Act of 2002
- Section 504 of the Rehabilitation Act of 1973
- The Privacy Act of 1974 (5 U.S.C. 552a)
- General Data Protection Regulation (GDPR) (EU) 2016/679 which regulates data protection and privacy for all individuals located within the EU and EU citizens and addresses the export of personal data outside the EU.
DEFINITIONS AND TERMS
Disclosure: “Disclosure” is the release of, transfer of, provision of access to, or other communication of information outside of the Belmont University community.
Use: "Use" is the examination, sharing, or other utilization of information within the Belmont University community.
Information: "Information" is all Belmont University prohibited, restricted, and confidential information, whether in electronic or paper format, defined in Belmont University’s Data Classification, Access, Transmittal and Storage Guidelines.
Guidelines: "Guidelines" refer to the Information Security Office's Secure Computing Guidelines and its Data Classification, Access, Transmittal and Storage Guidelines.